jinzd-ai-cli 0.4.112 → 0.4.114

package/dist/auth-VBV7HTLQ.js

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+import {
+  AuthManager,
+  __resetLoginAttemptsForTests
+} from "./chunk-5UPFMM2A.js";
+import "./chunk-PDX44BCA.js";
+export {
+  AuthManager,
+  __resetLoginAttemptsForTests
+};

package/dist/{batch-QQGRQ45S.js → batch-Q5NQCXKN.js}

@@ -1,9 +1,9 @@
 #!/usr/bin/env node
 import {
   ConfigManager
-} from "./chunk-FM5VYCXA.js";
+} from "./chunk-CP6PALA4.js";
 import "./chunk-2ZD3YTVM.js";
-import "./chunk-AWZ63EVH.js";
+import "./chunk-UF62SHR7.js";
 import "./chunk-PDX44BCA.js";
 
 // src/cli/batch.ts

package/dist/{chunk-5XHNTLRS.js → chunk-2WAF7FOX.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   TEST_TIMEOUT
-} from "./chunk-AWZ63EVH.js";
+} from "./chunk-UF62SHR7.js";
 
 // src/tools/builtin/run-tests.ts
 import { execSync, spawnSync } from "child_process";

package/dist/{chunk-BYNY5JPB.js → chunk-5UPFMM2A.js}

@@ -5,8 +5,14 @@ import { existsSync, readFileSync, writeFileSync, mkdirSync, readdirSync, copyFi
 import { join } from "path";
 import { createHmac, randomBytes, timingSafeEqual, pbkdf2Sync } from "crypto";
 var USERS_FILE = "users.json";
-var TOKEN_EXPIRY_HOURS = 24 * 7;
+var TOKEN_EXPIRY_HOURS = 24;
 var USERS_DIR = "users";
+var LOGIN_MAX_FAILS = 5;
+var LOGIN_LOCKOUT_MS = 15 * 60 * 1e3;
+var loginAttempts = /* @__PURE__ */ new Map();
+function __resetLoginAttemptsForTests() {
+  loginAttempts.clear();
+}
 var AuthManager = class {
   usersFile;
   baseDir;
@@ -57,16 +63,30 @@ var AuthManager = class {
     this.save();
     return null;
   }
-  /** Authenticate user. Returns JWT token or null. */
+  /**
+   * Authenticate user. Returns JWT token or null on failure.
+   *
+   * Audit closure (5th audit, v0.4.114): integrates failed-login lockout
+   * (CWE-307). After {@link LOGIN_MAX_FAILS} consecutive failures within a
+   * lockout window, further attempts return null without checking the
+   * password (avoiding pbkdf2 work + leaking timing). Successful login
+   * resets the counter.
+   */
   login(username, password) {
     username = username.trim().toLowerCase();
+    const lockState = this.getLockState(username);
+    if (lockState.locked) return null;
     const user = this.db.users.find((u) => u.username === username);
-    if (!user) return null;
+    if (!user) {
+      this.recordFailedLogin(username);
+      return null;
+    }
     const isLegacy = !user.hashVersion || user.hashVersion < 2;
     const hash = isLegacy ? this.hashPasswordLegacy(password, user.salt) : this.hashPassword(password, user.salt);
     const a = Buffer.from(hash, "utf-8");
     const b = Buffer.from(user.passwordHash, "utf-8");
     if (a.length !== b.length || !timingSafeEqual(a, b)) {
+      this.recordFailedLogin(username);
       return null;
     }
     if (isLegacy) {
@@ -76,8 +96,34 @@ var AuthManager = class {
       user.hashVersion = 2;
       this.save();
     }
+    loginAttempts.delete(username);
     return this.createToken(username);
   }
+  /**
+   * Returns current lockout state for a username and lazily expires it.
+   * Exposed (read-only) for tests and the `aicli user` CLI status output.
+   */
+  getLockState(username) {
+    username = username.trim().toLowerCase();
+    const state = loginAttempts.get(username);
+    if (!state) return { locked: false, remainingMs: 0, fails: 0 };
+    if (state.lockedUntil > 0 && Date.now() >= state.lockedUntil) {
+      loginAttempts.delete(username);
+      return { locked: false, remainingMs: 0, fails: 0 };
+    }
+    if (state.lockedUntil > 0) {
+      return { locked: true, remainingMs: state.lockedUntil - Date.now(), fails: state.fails };
+    }
+    return { locked: false, remainingMs: 0, fails: state.fails };
+  }
+  recordFailedLogin(username) {
+    const state = loginAttempts.get(username) ?? { fails: 0, lockedUntil: 0 };
+    state.fails += 1;
+    if (state.fails >= LOGIN_MAX_FAILS) {
+      state.lockedUntil = Date.now() + LOGIN_LOCKOUT_MS;
+    }
+    loginAttempts.set(username, state);
+  }
   /** Verify a token. Returns username or null. */
   verifyToken(token) {
     try {
@@ -90,12 +136,29 @@ var AuthManager = class {
         Buffer.from(payloadB64, "base64url").toString("utf-8")
       );
       if (Date.now() > payload.exp) return null;
-      if (!this.db.users.find((u) => u.username === payload.username)) return null;
+      const user = this.db.users.find((u) => u.username === payload.username);
+      if (!user) return null;
+      if (user.tokensRevokedBefore && (!payload.iat || payload.iat < user.tokensRevokedBefore)) {
+        return null;
+      }
       return payload.username;
     } catch {
       return null;
     }
   }
+  /**
+   * Revoke every outstanding token for the given user by bumping the
+   * `tokensRevokedBefore` watermark to now. Audit closure (5th audit,
+   * v0.4.114). Returns true if the user existed.
+   */
+  logoutAll(username) {
+    username = username.trim().toLowerCase();
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) return false;
+    user.tokensRevokedBefore = Date.now() + 1;
+    this.save();
+    return true;
+  }
   /** Get user's data directory (absolute path) */
   getUserDataDir(username) {
     const user = this.db.users.find((u) => u.username === username);
@@ -127,6 +190,7 @@ var AuthManager = class {
     user.passwordHash = this.hashPassword(newPassword, salt);
     user.salt = salt;
     user.hashVersion = 2;
+    user.tokensRevokedBefore = Date.now() + 1;
     this.save();
     return null;
   }
@@ -198,9 +262,11 @@ var AuthManager = class {
     return pbkdf2Sync(password, salt, 1e5, 64, "sha512").toString("hex");
   }
   createToken(username) {
+    const now = Date.now();
     const payload = {
       username,
-      exp: Date.now() + TOKEN_EXPIRY_HOURS * 3600 * 1e3
+      iat: now,
+      exp: now + TOKEN_EXPIRY_HOURS * 3600 * 1e3
     };
     const payloadB64 = Buffer.from(JSON.stringify(payload), "utf-8").toString("base64url");
     const signature = this.sign(payloadB64);
@@ -212,5 +278,6 @@ var AuthManager = class {
 };
 
 export {
+  __resetLoginAttemptsForTests,
   AuthManager
 };

package/dist/{chunk-FM5VYCXA.js → chunk-CP6PALA4.js}

@@ -8,7 +8,7 @@ import {
   CONFIG_FILE_NAME,
   HISTORY_DIR_NAME,
   PLUGINS_DIR_NAME
-} from "./chunk-AWZ63EVH.js";
+} from "./chunk-UF62SHR7.js";
 
 // src/config/config-manager.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";

package/dist/{chunk-BWZJGCO6.js → chunk-E24HT62E.js}

@@ -2,7 +2,7 @@
 import {
   schemaToJsonSchema,
   truncateForPersist
-} from "./chunk-7XXZWPTN.js";
+} from "./chunk-XXKWSBRC.js";
 import {
   AuthError,
   ProviderError,
@@ -18,7 +18,7 @@ import {
   MCP_PROTOCOL_VERSION,
   MCP_TOOL_PREFIX,
   VERSION
-} from "./chunk-AWZ63EVH.js";
+} from "./chunk-UF62SHR7.js";
 import {
   redactJson
 } from "./chunk-7ZJN4KLV.js";

package/dist/{chunk-AWZ63EVH.js → chunk-UF62SHR7.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 // src/core/constants.ts
-var VERSION = "0.4.112";
+var VERSION = "0.4.114";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";

package/dist/{chunk-DEXCXFLP.js → chunk-W45U3KQE.js}

@@ -6,7 +6,7 @@ import { platform } from "os";
 import chalk from "chalk";
 
 // src/core/constants.ts
-var VERSION = "0.4.112";
+var VERSION = "0.4.114";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";

package/dist/{chunk-7XXZWPTN.js → chunk-XXKWSBRC.js}

@@ -5,7 +5,7 @@ import {
 } from "./chunk-3BICTI5M.js";
 import {
   runTestsTool
-} from "./chunk-5XHNTLRS.js";
+} from "./chunk-2WAF7FOX.js";
 import {
   EnvLoader,
   NetworkError,
@@ -18,7 +18,7 @@ import {
   SUBAGENT_ALLOWED_TOOLS,
   SUBAGENT_DEFAULT_MAX_ROUNDS,
   SUBAGENT_MAX_ROUNDS_LIMIT
-} from "./chunk-AWZ63EVH.js";
+} from "./chunk-UF62SHR7.js";
 import {
   fileCheckpoints
 } from "./chunk-4BKXL7SM.js";
@@ -229,10 +229,36 @@ function resetInterrupt() {
   interrupted = false;
 }
 
+// src/tools/session-context.ts
+import { AsyncLocalStorage } from "async_hooks";
+var als = new AsyncLocalStorage();
+var DEFAULT_SESSION_KEY = "__default__";
+function getCurrentSessionKey() {
+  const ctx = als.getStore();
+  if (!ctx || !ctx.sessionKey) return DEFAULT_SESSION_KEY;
+  return ctx.sessionKey;
+}
+function runWithSessionKey(sessionKey, fn) {
+  const key = sessionKey && sessionKey.length > 0 ? sessionKey : DEFAULT_SESSION_KEY;
+  return als.run({ sessionKey: key }, fn);
+}
+
 // src/tools/builtin/bash.ts
 var IS_WINDOWS = platform() === "win32";
 var SHELL = IS_WINDOWS ? "powershell.exe" : process.env["SHELL"] ?? "/bin/bash";
-var persistentCwd = process.cwd();
+var cwdBySession = /* @__PURE__ */ new Map();
+function getCwd() {
+  const key = getCurrentSessionKey();
+  let cwd = cwdBySession.get(key);
+  if (!cwd) {
+    cwd = process.cwd();
+    cwdBySession.set(key, cwd);
+  }
+  return cwd;
+}
+function setCwd(next) {
+  cwdBySession.set(getCurrentSessionKey(), next);
+}
 var bashTool = {
   definition: {
     name: "bash",
@@ -277,17 +303,19 @@ Important rules:
     if (!command.trim()) {
       throw new ToolError("bash", "command is required");
     }
-    if (!existsSync2(persistentCwd)) {
+    let currentCwd = getCwd();
+    if (!existsSync2(currentCwd)) {
       const fallback = process.cwd();
       process.stderr.write(
-        `[bash] Previous cwd "${persistentCwd}" no longer exists, reset to "${fallback}"
+        `[bash] Previous cwd "${currentCwd}" no longer exists, reset to "${fallback}"
 `
       );
-      persistentCwd = fallback;
+      currentCwd = fallback;
+      setCwd(fallback);
     }
-    let effectiveCwd = persistentCwd;
+    let effectiveCwd = currentCwd;
     if (cwdArg) {
-      const resolved = resolve(persistentCwd, cwdArg);
+      const resolved = resolve(currentCwd, cwdArg);
       if (!existsSync2(resolved)) {
         throw new ToolError(
           "bash",
@@ -295,7 +323,7 @@ Important rules:
         );
       }
       effectiveCwd = resolved;
-      persistentCwd = resolved;
+      setCwd(resolved);
     }
     let actualCommand;
     if (IS_WINDOWS) {
@@ -551,7 +579,7 @@ function updateCwdFromCommand(command, baseCwd) {
   try {
     const newDir = resolve(baseCwd, target);
     if (existsSync2(newDir)) {
-      persistentCwd = newDir;
+      setCwd(newDir);
     }
   } catch {
   }
@@ -1411,6 +1439,16 @@ var ToolExecutor = class {
    * 通过 /yolo 命令切换。destructive 操作仍会显示警告但不阻塞。
    */
   sessionAutoApprove = false;
+  /**
+   * Logical session key used to scope per-session state in stateful tools
+   * (currently only `bash`'s persistent cwd). Web mode sets this per-tab so
+   * concurrent tabs don't share cwd. CLI/REPL leaves it undefined (the bash
+   * tool falls back to a default key).
+   */
+  sessionKey;
+  setSessionKey(key) {
+    this.sessionKey = key;
+  }
   /**
    * 由外部（repl.ts SIGINT handler）调用，将当前 confirm() 等待视为用户按 N 取消。
    * 若当前没有 confirm() 进行中，无操作。
@@ -1443,6 +1481,9 @@ var ToolExecutor = class {
     if (opts.defaultPermission) this.defaultPermission = opts.defaultPermission;
   }
   async execute(call) {
+    return runWithSessionKey(this.sessionKey, () => this.executeInner(call));
+  }
+  async executeInner(call) {
     const tool = this.registry.get(call.name);
     if (!tool) {
       return {

package/dist/{constants-OCYK6U3N.js → constants-YEBRZDBP.js}

@@ -36,7 +36,7 @@ import {
   TEST_TIMEOUT,
   VERSION,
   buildUserIdentityPrompt
-} from "./chunk-AWZ63EVH.js";
+} from "./chunk-UF62SHR7.js";
 import "./chunk-PDX44BCA.js";
 export {
   AGENTIC_BEHAVIOR_GUIDELINE,

package/dist/electron-server.js

@@ -36,7 +36,7 @@ import {
   VERSION,
   buildUserIdentityPrompt,
   runTestsTool
-} from "./chunk-DEXCXFLP.js";
+} from "./chunk-W45U3KQE.js";
 import {
   hasSemanticIndex,
   semanticSearch
@@ -3742,10 +3742,36 @@ function currentAbortSignal() {
   return controller.signal;
 }
 
+// src/tools/session-context.ts
+import { AsyncLocalStorage } from "async_hooks";
+var als = new AsyncLocalStorage();
+var DEFAULT_SESSION_KEY = "__default__";
+function getCurrentSessionKey() {
+  const ctx = als.getStore();
+  if (!ctx || !ctx.sessionKey) return DEFAULT_SESSION_KEY;
+  return ctx.sessionKey;
+}
+function runWithSessionKey(sessionKey, fn) {
+  const key = sessionKey && sessionKey.length > 0 ? sessionKey : DEFAULT_SESSION_KEY;
+  return als.run({ sessionKey: key }, fn);
+}
+
 // src/tools/builtin/bash.ts
 var IS_WINDOWS = platform() === "win32";
 var SHELL = IS_WINDOWS ? "powershell.exe" : process.env["SHELL"] ?? "/bin/bash";
-var persistentCwd = process.cwd();
+var cwdBySession = /* @__PURE__ */ new Map();
+function getCwd() {
+  const key = getCurrentSessionKey();
+  let cwd = cwdBySession.get(key);
+  if (!cwd) {
+    cwd = process.cwd();
+    cwdBySession.set(key, cwd);
+  }
+  return cwd;
+}
+function setCwd(next) {
+  cwdBySession.set(getCurrentSessionKey(), next);
+}
 var bashTool = {
   definition: {
     name: "bash",
@@ -3790,17 +3816,19 @@ Important rules:
     if (!command.trim()) {
       throw new ToolError("bash", "command is required");
     }
-    if (!existsSync4(persistentCwd)) {
+    let currentCwd = getCwd();
+    if (!existsSync4(currentCwd)) {
       const fallback = process.cwd();
       process.stderr.write(
-        `[bash] Previous cwd "${persistentCwd}" no longer exists, reset to "${fallback}"
+        `[bash] Previous cwd "${currentCwd}" no longer exists, reset to "${fallback}"
 `
       );
-      persistentCwd = fallback;
+      currentCwd = fallback;
+      setCwd(fallback);
     }
-    let effectiveCwd = persistentCwd;
+    let effectiveCwd = currentCwd;
     if (cwdArg) {
-      const resolved = resolve(persistentCwd, cwdArg);
+      const resolved = resolve(currentCwd, cwdArg);
       if (!existsSync4(resolved)) {
         throw new ToolError(
           "bash",
@@ -3808,7 +3836,7 @@ Important rules:
         );
       }
       effectiveCwd = resolved;
-      persistentCwd = resolved;
+      setCwd(resolved);
     }
     let actualCommand;
     if (IS_WINDOWS) {
@@ -4064,7 +4092,7 @@ function updateCwdFromCommand(command, baseCwd) {
   try {
     const newDir = resolve(baseCwd, target);
     if (existsSync4(newDir)) {
-      persistentCwd = newDir;
+      setCwd(newDir);
     }
   } catch {
   }
@@ -4885,6 +4913,16 @@ var ToolExecutor = class {
    * 通过 /yolo 命令切换。destructive 操作仍会显示警告但不阻塞。
    */
   sessionAutoApprove = false;
+  /**
+   * Logical session key used to scope per-session state in stateful tools
+   * (currently only `bash`'s persistent cwd). Web mode sets this per-tab so
+   * concurrent tabs don't share cwd. CLI/REPL leaves it undefined (the bash
+   * tool falls back to a default key).
+   */
+  sessionKey;
+  setSessionKey(key) {
+    this.sessionKey = key;
+  }
   /**
    * 由外部（repl.ts SIGINT handler）调用，将当前 confirm() 等待视为用户按 N 取消。
    * 若当前没有 confirm() 进行中，无操作。
@@ -4917,6 +4955,9 @@ var ToolExecutor = class {
     if (opts.defaultPermission) this.defaultPermission = opts.defaultPermission;
   }
   async execute(call) {
+    return runWithSessionKey(this.sessionKey, () => this.executeInner(call));
+  }
+  async executeInner(call) {
     const tool = this.registry.get(call.name);
     if (!tool) {
       return {
@@ -10046,6 +10087,7 @@ var SessionHandler = class _SessionHandler {
     this.mcpManager = shared.mcpManager;
     this.skillManager = shared.skillManager;
     this.toolExecutor = new ToolExecutorWeb(shared.toolRegistry, ws);
+    this.toolExecutor.setSessionKey(`web-${Math.random().toString(36).slice(2)}-${Date.now()}`);
     this.currentProvider = this.config.get("defaultProvider");
     const allDefaultModels = this.config.get("defaultModels");
     try {
@@ -11918,7 +11960,7 @@ ${undoResults.map((r) => `  \u2022 ${r}`).join("\n")}` });
       case "test": {
         this.send({ type: "info", message: "\u{1F9EA} Running tests..." });
         try {
-          const { executeTests } = await import("./run-tests-V73IZCNW.js");
+          const { executeTests } = await import("./run-tests-OB4CWKKX.js");
           const argStr = args.join(" ").trim();
           let testArgs = {};
           if (argStr) {
@@ -12906,8 +12948,11 @@ import { existsSync as existsSync21, readFileSync as readFileSync14, writeFileSy
 import { join as join14 } from "path";
 import { createHmac, randomBytes, timingSafeEqual, pbkdf2Sync } from "crypto";
 var USERS_FILE = "users.json";
-var TOKEN_EXPIRY_HOURS = 24 * 7;
+var TOKEN_EXPIRY_HOURS = 24;
 var USERS_DIR = "users";
+var LOGIN_MAX_FAILS = 5;
+var LOGIN_LOCKOUT_MS = 15 * 60 * 1e3;
+var loginAttempts = /* @__PURE__ */ new Map();
 var AuthManager = class {
   usersFile;
   baseDir;
@@ -12958,16 +13003,30 @@ var AuthManager = class {
     this.save();
     return null;
   }
-  /** Authenticate user. Returns JWT token or null. */
+  /**
+   * Authenticate user. Returns JWT token or null on failure.
+   *
+   * Audit closure (5th audit, v0.4.114): integrates failed-login lockout
+   * (CWE-307). After {@link LOGIN_MAX_FAILS} consecutive failures within a
+   * lockout window, further attempts return null without checking the
+   * password (avoiding pbkdf2 work + leaking timing). Successful login
+   * resets the counter.
+   */
   login(username, password) {
     username = username.trim().toLowerCase();
+    const lockState = this.getLockState(username);
+    if (lockState.locked) return null;
     const user = this.db.users.find((u) => u.username === username);
-    if (!user) return null;
+    if (!user) {
+      this.recordFailedLogin(username);
+      return null;
+    }
     const isLegacy = !user.hashVersion || user.hashVersion < 2;
     const hash = isLegacy ? this.hashPasswordLegacy(password, user.salt) : this.hashPassword(password, user.salt);
     const a = Buffer.from(hash, "utf-8");
     const b = Buffer.from(user.passwordHash, "utf-8");
     if (a.length !== b.length || !timingSafeEqual(a, b)) {
+      this.recordFailedLogin(username);
       return null;
     }
     if (isLegacy) {
@@ -12977,8 +13036,34 @@ var AuthManager = class {
       user.hashVersion = 2;
       this.save();
     }
+    loginAttempts.delete(username);
     return this.createToken(username);
   }
+  /**
+   * Returns current lockout state for a username and lazily expires it.
+   * Exposed (read-only) for tests and the `aicli user` CLI status output.
+   */
+  getLockState(username) {
+    username = username.trim().toLowerCase();
+    const state = loginAttempts.get(username);
+    if (!state) return { locked: false, remainingMs: 0, fails: 0 };
+    if (state.lockedUntil > 0 && Date.now() >= state.lockedUntil) {
+      loginAttempts.delete(username);
+      return { locked: false, remainingMs: 0, fails: 0 };
+    }
+    if (state.lockedUntil > 0) {
+      return { locked: true, remainingMs: state.lockedUntil - Date.now(), fails: state.fails };
+    }
+    return { locked: false, remainingMs: 0, fails: state.fails };
+  }
+  recordFailedLogin(username) {
+    const state = loginAttempts.get(username) ?? { fails: 0, lockedUntil: 0 };
+    state.fails += 1;
+    if (state.fails >= LOGIN_MAX_FAILS) {
+      state.lockedUntil = Date.now() + LOGIN_LOCKOUT_MS;
+    }
+    loginAttempts.set(username, state);
+  }
   /** Verify a token. Returns username or null. */
   verifyToken(token) {
     try {
@@ -12991,12 +13076,29 @@ var AuthManager = class {
         Buffer.from(payloadB64, "base64url").toString("utf-8")
       );
       if (Date.now() > payload.exp) return null;
-      if (!this.db.users.find((u) => u.username === payload.username)) return null;
+      const user = this.db.users.find((u) => u.username === payload.username);
+      if (!user) return null;
+      if (user.tokensRevokedBefore && (!payload.iat || payload.iat < user.tokensRevokedBefore)) {
+        return null;
+      }
       return payload.username;
     } catch {
       return null;
     }
   }
+  /**
+   * Revoke every outstanding token for the given user by bumping the
+   * `tokensRevokedBefore` watermark to now. Audit closure (5th audit,
+   * v0.4.114). Returns true if the user existed.
+   */
+  logoutAll(username) {
+    username = username.trim().toLowerCase();
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) return false;
+    user.tokensRevokedBefore = Date.now() + 1;
+    this.save();
+    return true;
+  }
   /** Get user's data directory (absolute path) */
   getUserDataDir(username) {
     const user = this.db.users.find((u) => u.username === username);
@@ -13028,6 +13130,7 @@ var AuthManager = class {
     user.passwordHash = this.hashPassword(newPassword, salt);
     user.salt = salt;
     user.hashVersion = 2;
+    user.tokensRevokedBefore = Date.now() + 1;
     this.save();
     return null;
   }
@@ -13099,9 +13202,11 @@ var AuthManager = class {
     return pbkdf2Sync(password, salt, 1e5, 64, "sha512").toString("hex");
   }
   createToken(username) {
+    const now = Date.now();
     const payload = {
       username,
-      exp: Date.now() + TOKEN_EXPIRY_HOURS * 3600 * 1e3
+      iat: now,
+      exp: now + TOKEN_EXPIRY_HOURS * 3600 * 1e3
     };
     const payloadB64 = Buffer.from(JSON.stringify(payload), "utf-8").toString("base64url");
     const signature = this.sign(payloadB64);
@@ -13196,6 +13301,27 @@ async function startWebServer(options = {}) {
     skillManager
   };
   const app = express();
+  app.use((_req, res, next) => {
+    res.setHeader(
+      "Content-Security-Policy",
+      [
+        "default-src 'self'",
+        "script-src 'self'",
+        "style-src 'self' 'unsafe-inline'",
+        "img-src 'self' data: blob:",
+        "font-src 'self' data:",
+        "connect-src 'self' ws: wss:",
+        "frame-ancestors 'none'",
+        "base-uri 'self'",
+        "form-action 'self'"
+      ].join("; ")
+    );
+    res.setHeader("X-Content-Type-Options", "nosniff");
+    res.setHeader("Referrer-Policy", "no-referrer");
+    res.setHeader("X-Frame-Options", "DENY");
+    res.setHeader("Permissions-Policy", "geolocation=(), microphone=(), camera=()");
+    next();
+  });
   const server = createServer(app);
   const WS_MAX_PAYLOAD = 1 * 1024 * 1024;
   const WS_MSG_RATE_PER_SEC = 30;

package/dist/{hub-7KYFVLHM.js → hub-DGJC2RRF.js}

@@ -386,7 +386,7 @@ ${content}`);
   }
 }
 async function runTaskMode(config, providers, configManager, topic) {
-  const { TaskOrchestrator } = await import("./task-orchestrator-RPYZT2WL.js");
+  const { TaskOrchestrator } = await import("./task-orchestrator-32YQ6HB2.js");
   const orchestrator = new TaskOrchestrator(config, providers, configManager);
   let interrupted = false;
   const onSigint = () => {

package/dist/index.js

@@ -31,10 +31,10 @@ import {
   setupProxy,
   stripPseudoToolCalls,
   stripToolCallReminder
-} from "./chunk-BWZJGCO6.js";
+} from "./chunk-E24HT62E.js";
 import {
   ConfigManager
-} from "./chunk-FM5VYCXA.js";
+} from "./chunk-CP6PALA4.js";
 import {
   ToolExecutor,
   ToolRegistry,
@@ -53,10 +53,10 @@ import {
   spawnAgentContext,
   theme,
   undoStack
-} from "./chunk-7XXZWPTN.js";
+} from "./chunk-XXKWSBRC.js";
 import "./chunk-3BICTI5M.js";
 import "./chunk-2DXY7UGF.js";
-import "./chunk-5XHNTLRS.js";
+import "./chunk-2WAF7FOX.js";
 import "./chunk-2ZD3YTVM.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
@@ -79,7 +79,7 @@ import {
   SKILLS_DIR_NAME,
   VERSION,
   buildUserIdentityPrompt
-} from "./chunk-AWZ63EVH.js";
+} from "./chunk-UF62SHR7.js";
 import {
   formatGitContextForPrompt,
   getGitContext,
@@ -1600,7 +1600,7 @@ ${text}
           const { join: join6 } = await import("path");
           const { existsSync: existsSync6 } = await import("fs");
           const { getGitRoot: getGitRoot2 } = await import("./git-context-7KIP4X2V.js");
-          const { MCP_PROJECT_CONFIG_NAME: MCP_PROJECT_CONFIG_NAME2 } = await import("./constants-OCYK6U3N.js");
+          const { MCP_PROJECT_CONFIG_NAME: MCP_PROJECT_CONFIG_NAME2 } = await import("./constants-YEBRZDBP.js");
           const { approveProject, hashMcpFile } = await import("./project-trust-IFM7FXEV.js");
           const cwd = process.cwd();
           const projectRoot = getGitRoot2(cwd) ?? cwd;
@@ -2650,7 +2650,7 @@ ${hint}` : "")
       usage: "/test [command|filter]",
       async execute(args, ctx) {
         try {
-          const { executeTests } = await import("./run-tests-JMKGA7XU.js");
+          const { executeTests } = await import("./run-tests-7WN5Q7YV.js");
           const argStr = args.join(" ").trim();
           let testArgs = {};
           if (argStr) {
@@ -6882,11 +6882,11 @@ program.command("web").description("Start Web UI server with browser-based chat
     console.error("Error: Invalid port number. Must be between 1 and 65535.");
     process.exit(1);
   }
-  const { startWebServer } = await import("./server-YY6CUP3K.js");
+  const { startWebServer } = await import("./server-AKG7HG36.js");
   await startWebServer({ port, host: options.host });
 });
-program.command("user [action] [username]").description("Manage Web UI users (list | create <name> | delete <name> | reset-password <name> | migrate <name>)").action(async (action, username) => {
-  const { AuthManager } = await import("./auth-SC6KHHI3.js");
+program.command("user [action] [username]").description("Manage Web UI users (list | create <name> | delete <name> | reset-password <name> | logout-all <name> | migrate <name>)").action(async (action, username) => {
+  const { AuthManager } = await import("./auth-VBV7HTLQ.js");
   const config = new ConfigManager();
   const auth = new AuthManager(config.getConfigDir());
   if (!action || action === "list") {
@@ -6961,6 +6961,19 @@ ${users.length} user(s) registered (auth enabled):
     console.log(`\u2713 Password reset for '${username}'.`);
     return;
   }
+  if (action === "logout-all") {
+    if (!username) {
+      console.error("Usage: aicli user logout-all <username>");
+      process.exit(1);
+    }
+    const ok = auth.logoutAll(username);
+    if (!ok) {
+      console.error(`Error: User '${username}' not found.`);
+      process.exit(1);
+    }
+    console.log(`\u2713 All outstanding sessions for '${username}' revoked.`);
+    return;
+  }
   if (action === "migrate") {
     if (!username) {
       console.error("Usage: aicli user migrate <username>");
@@ -6980,7 +6993,7 @@ ${users.length} user(s) registered (auth enabled):
     return;
   }
   console.error(`Unknown action: ${action}`);
-  console.error("Available: list, create, delete, reset-password, migrate");
+  console.error("Available: list, create, delete, reset-password, logout-all, migrate");
   process.exit(1);
 });
 program.command("sessions").description("List recent conversation sessions").action(async () => {
@@ -7005,7 +7018,7 @@ program.command("sessions").description("List recent conversation sessions").act
 });
 program.command("batch <action> [arg] [arg2]").description("Anthropic Message Batches: submit | list | status <id> | results <id> [out] | cancel <id>").option("--dry-run", "Parse and validate input without submitting (submit only)").action(async (action, arg, arg2, options) => {
   try {
-    const batch = await import("./batch-QQGRQ45S.js");
+    const batch = await import("./batch-Q5NQCXKN.js");
     switch (action) {
       case "submit":
         if (!arg) {
@@ -7048,7 +7061,7 @@ program.command("batch <action> [arg] [arg2]").description("Anthropic Message Ba
   }
 });
 program.command("mcp-serve").description("Start an MCP server over STDIO, exposing aicli's built-in tools to Claude Desktop / Cursor / other MCP clients").option("--allow-destructive", "Allow bash / run_interactive / task_create (always destructive in MCP mode)").option("--allow-outside-cwd", "Allow tool path arguments to escape the sandbox root \u2014 disabled by default").option("--tools <list>", "Comma-separated whitelist of tools to expose (default: all eligible tools)").option("--cwd <path>", "Working directory AND sandbox root (default: current directory)").action(async (options) => {
-  const { startMcpServer } = await import("./server-WWFOPWWJ.js");
+  const { startMcpServer } = await import("./server-NQ5J6FAL.js");
   await startMcpServer({
     allowDestructive: !!options.allowDestructive,
     allowOutsideCwd: !!options.allowOutsideCwd,
@@ -7175,7 +7188,7 @@ program.command("hub [topic]").description("Start multi-agent hub (discuss / bra
     }),
     config.get("customProviders")
   );
-  const { startHub } = await import("./hub-7KYFVLHM.js");
+  const { startHub } = await import("./hub-DGJC2RRF.js");
   await startHub(
     {
       topic: topic ?? "",

package/dist/{run-tests-JMKGA7XU.js → run-tests-7WN5Q7YV.js}

@@ -2,8 +2,8 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-5XHNTLRS.js";
-import "./chunk-AWZ63EVH.js";
+} from "./chunk-2WAF7FOX.js";
+import "./chunk-UF62SHR7.js";
 import "./chunk-PDX44BCA.js";
 export {
   executeTests,

package/dist/{run-tests-V73IZCNW.js → run-tests-OB4CWKKX.js}

@@ -1,7 +1,7 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-DEXCXFLP.js";
+} from "./chunk-W45U3KQE.js";
 import "./chunk-3RG5ZIWI.js";
 export {
   executeTests,

package/dist/{server-YY6CUP3K.js → server-AKG7HG36.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   AuthManager
-} from "./chunk-BYNY5JPB.js";
+} from "./chunk-5UPFMM2A.js";
 import {
   CONTENT_ONLY_STREAM_REMINDER,
   HALLUCINATION_CORRECTION_MESSAGE,
@@ -24,10 +24,10 @@ import {
   setupProxy,
   stripPseudoToolCalls,
   stripToolCallReminder
-} from "./chunk-BWZJGCO6.js";
+} from "./chunk-E24HT62E.js";
 import {
   ConfigManager
-} from "./chunk-FM5VYCXA.js";
+} from "./chunk-CP6PALA4.js";
 import {
   ToolExecutor,
   ToolRegistry,
@@ -45,10 +45,10 @@ import {
   spawnAgentContext,
   truncateOutput,
   undoStack
-} from "./chunk-7XXZWPTN.js";
+} from "./chunk-XXKWSBRC.js";
 import "./chunk-3BICTI5M.js";
 import "./chunk-2DXY7UGF.js";
-import "./chunk-5XHNTLRS.js";
+import "./chunk-2WAF7FOX.js";
 import "./chunk-2ZD3YTVM.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
@@ -68,7 +68,7 @@ import {
   SKILLS_DIR_NAME,
   VERSION,
   buildUserIdentityPrompt
-} from "./chunk-AWZ63EVH.js";
+} from "./chunk-UF62SHR7.js";
 import {
   formatGitContextForPrompt,
   getGitContext,
@@ -539,6 +539,7 @@ var SessionHandler = class _SessionHandler {
     this.mcpManager = shared.mcpManager;
     this.skillManager = shared.skillManager;
     this.toolExecutor = new ToolExecutorWeb(shared.toolRegistry, ws);
+    this.toolExecutor.setSessionKey(`web-${Math.random().toString(36).slice(2)}-${Date.now()}`);
     this.currentProvider = this.config.get("defaultProvider");
     const allDefaultModels = this.config.get("defaultModels");
     try {
@@ -2411,7 +2412,7 @@ ${undoResults.map((r) => `  \u2022 ${r}`).join("\n")}` });
       case "test": {
         this.send({ type: "info", message: "\u{1F9EA} Running tests..." });
         try {
-          const { executeTests } = await import("./run-tests-JMKGA7XU.js");
+          const { executeTests } = await import("./run-tests-7WN5Q7YV.js");
           const argStr = args.join(" ").trim();
           let testArgs = {};
           if (argStr) {
@@ -3467,6 +3468,27 @@ async function startWebServer(options = {}) {
     skillManager
   };
   const app = express();
+  app.use((_req, res, next) => {
+    res.setHeader(
+      "Content-Security-Policy",
+      [
+        "default-src 'self'",
+        "script-src 'self'",
+        "style-src 'self' 'unsafe-inline'",
+        "img-src 'self' data: blob:",
+        "font-src 'self' data:",
+        "connect-src 'self' ws: wss:",
+        "frame-ancestors 'none'",
+        "base-uri 'self'",
+        "form-action 'self'"
+      ].join("; ")
+    );
+    res.setHeader("X-Content-Type-Options", "nosniff");
+    res.setHeader("Referrer-Policy", "no-referrer");
+    res.setHeader("X-Frame-Options", "DENY");
+    res.setHeader("Permissions-Policy", "geolocation=(), microphone=(), camera=()");
+    next();
+  });
   const server = createServer(app);
   const WS_MAX_PAYLOAD = 1 * 1024 * 1024;
   const WS_MSG_RATE_PER_SEC = 30;

package/dist/{server-WWFOPWWJ.js → server-NQ5J6FAL.js}

@@ -3,14 +3,14 @@ import {
   ToolRegistry,
   getDangerLevel,
   schemaToJsonSchema
-} from "./chunk-7XXZWPTN.js";
+} from "./chunk-XXKWSBRC.js";
 import "./chunk-3BICTI5M.js";
 import "./chunk-2DXY7UGF.js";
-import "./chunk-5XHNTLRS.js";
+import "./chunk-2WAF7FOX.js";
 import "./chunk-2ZD3YTVM.js";
 import {
   VERSION
-} from "./chunk-AWZ63EVH.js";
+} from "./chunk-UF62SHR7.js";
 import "./chunk-4BKXL7SM.js";
 import "./chunk-7ZJN4KLV.js";
 import "./chunk-KHYD3WXE.js";
@@ -23,6 +23,14 @@ import { createInterface } from "readline";
 import { resolve } from "path";
 import { realpathSync } from "fs";
 var STDIN_TOOLS = /* @__PURE__ */ new Set(["ask_user", "spawn_agent"]);
+function looksLikePath(s) {
+  if (s.startsWith("/")) return true;
+  if (s.startsWith("\\\\")) return true;
+  if (/^[a-zA-Z]:[\\/]/.test(s)) return true;
+  if (s.startsWith("../") || s.startsWith("..\\")) return true;
+  if (s === "..") return true;
+  return false;
+}
 var MCP_ALWAYS_DESTRUCTIVE = /* @__PURE__ */ new Set([
   "bash",
   "run_interactive",
@@ -237,19 +245,30 @@ var McpServer = class {
   validatePathArgs(toolName, args) {
     if (this.opts.allowOutsideCwd) return void 0;
     const keys = TOOL_PATH_ARGS[toolName];
-    if (!keys) return void 0;
-    for (const key of keys) {
-      const value = args[key];
-      if (value === void 0 || value === null) continue;
-      const list = Array.isArray(value) ? value : [value];
-      for (const entry of list) {
-        if (typeof entry !== "string" || entry.length === 0) continue;
-        const abs = resolve(this.sandboxRoot, entry);
-        if (!this.isInsideSandbox(abs)) {
-          return `Path '${entry}' escapes sandbox root '${this.sandboxRoot}'. Pass --allow-outside-cwd to permit.`;
+    if (keys) {
+      for (const key of keys) {
+        const value = args[key];
+        if (value === void 0 || value === null) continue;
+        const list = Array.isArray(value) ? value : [value];
+        for (const entry of list) {
+          if (typeof entry !== "string" || entry.length === 0) continue;
+          const abs = resolve(this.sandboxRoot, entry);
+          if (!this.isInsideSandbox(abs)) {
+            return `Path '${entry}' escapes sandbox root '${this.sandboxRoot}'. Pass --allow-outside-cwd to permit.`;
+          }
         }
       }
     }
+    const knownKeys = new Set(keys ?? []);
+    for (const [k, v] of Object.entries(args)) {
+      if (knownKeys.has(k)) continue;
+      if (typeof v !== "string" || v.length === 0) continue;
+      if (!looksLikePath(v)) continue;
+      const abs = resolve(this.sandboxRoot, v);
+      if (!this.isInsideSandbox(abs)) {
+        return `Path-like argument '${k}=${v}' escapes sandbox root '${this.sandboxRoot}'. Pass --allow-outside-cwd to permit.`;
+      }
+    }
     return void 0;
   }
   isInsideSandbox(abs) {

package/dist/{task-orchestrator-RPYZT2WL.js → task-orchestrator-32YQ6HB2.js}

@@ -4,14 +4,14 @@ import {
   getDangerLevel,
   googleSearchContext,
   truncateOutput
-} from "./chunk-7XXZWPTN.js";
+} from "./chunk-XXKWSBRC.js";
 import "./chunk-3BICTI5M.js";
 import "./chunk-2DXY7UGF.js";
-import "./chunk-5XHNTLRS.js";
+import "./chunk-2WAF7FOX.js";
 import "./chunk-2ZD3YTVM.js";
 import {
   SUBAGENT_ALLOWED_TOOLS
-} from "./chunk-AWZ63EVH.js";
+} from "./chunk-UF62SHR7.js";
 import "./chunk-4BKXL7SM.js";
 import "./chunk-7ZJN4KLV.js";
 import "./chunk-KHYD3WXE.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jinzd-ai-cli",
-  "version": "0.4.112",
+  "version": "0.4.114",
   "description": "Cross-platform REPL-style AI CLI with multi-provider support",
   "type": "module",
   "main": "./dist/index.js",
@@ -21,6 +21,7 @@
     "dev": "tsx src/index.ts",
     "test": "vitest run",
     "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
     "lint": "eslint src",
     "prepublishOnly": "npm run build",
     "patch": "node scripts/patch-sqlite.mjs",
@@ -89,8 +90,8 @@
     "tree-sitter-javascript": "^0.25.0",
     "tree-sitter-python": "^0.25.0",
     "tree-sitter-typescript": "^0.23.2",
-    "undici": "^7.22.0",
-    "uuid": "^11.0.5",
+    "undici": "^7.24.0",
+    "uuid": "^14.0.0",
     "web-tree-sitter": "^0.26.8",
     "ws": "^8.19.0",
     "zod": "^3.24.1"
@@ -101,12 +102,15 @@
     "@types/uuid": "^10.0.0",
     "@types/ws": "^8.18.1",
     "@yao-pkg/pkg": "^6.14.0",
-    "electron": "^35.0.0",
+    "@typescript-eslint/eslint-plugin": "^8.13.0",
+    "@typescript-eslint/parser": "^8.13.0",
+    "electron": "^41.4.0",
     "electron-builder": "^26.0.0",
+    "eslint": "^9.13.0",
     "tsup": "^8.3.5",
     "tsx": "^4.19.2",
     "typescript": "^5.7.3",
-    "vitest": "^2.1.8"
+    "vitest": "^3.2.4"
   },
   "author": "jinzd",
   "build": {

package/dist/auth-SC6KHHI3.js

@@ -1,8 +0,0 @@
-#!/usr/bin/env node
-import {
-  AuthManager
-} from "./chunk-BYNY5JPB.js";
-import "./chunk-PDX44BCA.js";
-export {
-  AuthManager
-};